Lucene search
+L

446 matches found

CVE
CVE
added 3 days ago10 views

CVE-2026-35146

The CVE-2026-35146 record concerns HCL DFXServer and describes an Unencrypted Communication vulnerability. The issue allows connections over unencrypted HTTP channels, enabling a remote attacker to intercept traffic and access sensitive data transmitted between the user and the server. The provid...

6.3CVSS6.1AI score0.00116EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 5 days ago6 views

PT-2026-58726

Name of the Vulnerable Software and Affected Versions Amazon AWS Load Balancer Controller versions prior to 3.4.2 Description An issue exists in the Gateway API listener-rule generation where rules are ordered by route type rather than specificity when an HTTPRoute and GRPCRoute share an ALB...

8.5CVSS6.1AI score0.00373EPSS
Exploits0References4
OSV
OSV
added 2026/06/29 11:50 a.m.9 views

PYSEC-2026-431 OpenStack Neutron allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism

The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a link-local source address...

9.1CVSS7AI score0.04248EPSS
Exploits1References13
Github Security Blog
Github Security Blog
added 2026/06/19 8:46 p.m.11 views

CoreWCF NetNamedPipe transport accepts attach to a pre-existing named pipe instance

Impact CoreWCF NetNamedPipe transport accepts attach to a pre-existing named pipe instance, allowing local interception of NetNamedPipe traffic. NetNamedPipe creates a shared memory object based on the listening url, then generated a unique GUID for the named pipe it will be using and saves this ...

6.5CVSS5.9AI score0.00088EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/19 8:46 p.m.6 views

GHSA-6JJ2-4Q5C-X8G6 CoreWCF NetNamedPipe transport accepts attach to a pre-existing named pipe instance

Impact CoreWCF NetNamedPipe transport accepts attach to a pre-existing named pipe instance, allowing local interception of NetNamedPipe traffic. NetNamedPipe creates a shared memory object based on the listening url, then generated a unique GUID for the named pipe it will be using and saves this ...

6.5CVSS5.9AI score0.00088EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.14 views

PT-2026-51074

Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description The NetNamedPipe transport in CoreWCF allows local interception of traffic. This occurs because the transport accepts attachments to pre-existing named pipe instances...

6.5CVSS6AI score0.00088EPSS
Exploits0References13
RedhatCVE
RedhatCVE
added 2026/06/12 1:32 a.m.12 views

CVE-2026-44494

A flaw was found in Axios. This vulnerability, a Prototype Pollution "Gadget" attack, allows an attacker to escalate any existing Object.prototype pollution in an application's dependency tree into a full Man-in-the-Middle MITM attack. This enables the attacker to intercept, read, and modify all...

8.7CVSS5.1AI score0.01041EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/06/10 9:4 p.m.12 views

CVE-2026-9213

A vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper with traffic between the router and the Internet, to execute code on the device...

9.1CVSS5.8AI score0.00397EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 7:16 a.m.18 views

CVE-2026-11815

An attacker who intercepts and tampers with traffic between the client application and the API Gateway server could potentially deserialize arbitrary objects. This vulnerability could lead to broken security expectations or remote code execution...

5.3CVSS0.00317EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 6:39 a.m.17 views

EUVD-2026-35992

An attacker who intercepts and tampers with traffic between the client application and the API Gateway server could potentially deserialize arbitrary objects. This vulnerability could lead to broken security expectations or remote code execution...

5.3CVSS6AI score0.00317EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/06/10 12:0 a.m.13 views

Mind Your Key: An Empirical Study of LLM API Credential Leakage in IOS Apps

The rapid integration of large language models LLMs into mobile applications has introduced a new class of credential security risk: leaked credentials that grant unauthorized access to LLM inference services, causing financial damage to developers. Prior work on credential leakage has focused...

5.4AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.16 views

PT-2026-48382

An attacker who intercepts and tampers with traffic between the client application and the API Gateway server could potentially deserialize arbitrary objects. This vulnerability could lead to broken security expectations or remote code execution...

5.3CVSS6AI score0.00317EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 6:31 p.m.10 views

EUVD-2026-35455

A vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper traffic between the router and the Internet, to execute code on the device...

9.1CVSS5.8AI score0.00397EPSS
Exploits0References5
NVD
NVD
added 2026/06/09 5:17 p.m.9 views

CVE-2026-9213

A vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper with traffic between the router and the Internet, to execute code on the device...

9.1CVSS0.00397EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/09 3:50 p.m.37 views

CVE-2026-9213 Insufficient input validation in certain NETGEAR routers

A vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper with traffic between the router and the Internet, to execute code on the device...

9.1CVSS0.00397EPSS
Exploits0References5
CVE
CVE
added 2026/06/09 3:50 p.m.24 views

CVE-2026-9213

CVE-2026-9213 affects NETGEAR gaming routers. The issue stems from insufficient input validation, enabling an attacker who can intercept traffic between the router and the Internet to execute code on the device. Documented impact includes high confidentiality and integrity impact with network-exp...

9.1CVSS5.8AI score0.00397EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/09 3:50 p.m.7 views

CVE-2026-9213 Insufficient input validation in certain NETGEAR routers

A vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper with traffic between the router and the Internet, to execute code on the device...

9.1CVSS5.8AI score0.00397EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/09 3:39 p.m.9 views

CVE-2026-0409 Netgear Orbi 370 Series Remote Code Execution vulnerability

A NETGEAR security issue that could allow an attacker with ability to intercept and tamper with traffic between the router and the Internet to run commands on your device when the device administrator performs certain specific management actions. This issue affects NETGEAR Orbi 370 series devices...

7.5CVSS5.5AI score0.00256EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/09 3:39 p.m.34 views

CVE-2026-0409 Netgear Orbi 370 Series Remote Code Execution vulnerability

A NETGEAR security issue that could allow an attacker with ability to intercept and tamper with traffic between the router and the Internet to run commands on your device when the device administrator performs certain specific management actions. This issue affects NETGEAR Orbi 370 series devices...

7.5CVSS0.00256EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.18 views

NETGEAR Orbi 缓冲区错误漏洞

NETGEAR Orbi is a distributed WiFi system developed by NETGEAR, a company in the United States. Versions of NETGEAR Orbi 370 prior to V12.1.2.7 contained a buffer error vulnerability. This vulnerability allowed attackers to intercept and manipulate traffic between the router and the internet. The...

7.5CVSS5.7AI score0.00256EPSS
Exploits0References1
Rows per page
Query Builder